Object Name 


OID 


Access 


Description 


System Parameters 13. 6.1. 4.1. 1000 A A 


SysVersion 


1 


Read 
Only 
(RO) 


The major and minor version number of the 
installed System software, including the version 
of the custom proxy program at the gateway 
server if applicable (so that a new SNMP 
extension agent is not also required at the 
gateway server). 


SysMaxNoClients 


2 


Read 

/Write 

(R/W) 


The number of hotel rooms connected to this 
System server. 


Svstem Intermediate Driver Parameters 13. 6.1.4.1.1000.1.2 


IntlPAddr 


1 


R/W 


The client-side network adapter's IP address 
(this is the IP address all destination IP 
addresses are changed into when an IP packet is 
received). 


IntDestAddrPool 


2 


Not 

Accessi- 
ble 
(NA) 


AtableoflntDestAddrPoolEntry's. Each 
IntDestAddrPoolEntry shall contain the source 
IP (RO), the source port (RO), the destination 
IP (RO), the flags (RO), the source MAC 
address (RO) and the TTL value (R/W). The 
TTL value shall be used to remove entries from 
the table (i.e. by setting the value to 0). 


IntMaxConn 


3 


R/W 


The size of DestAddrPool, which determines 
the number of connections which can be 
supported over the server. 


ARP Svoofer Parameters 13.6.1 A. 1.1000. 13 


ArpHardwarelD 


1 


R/W 


A string specifying the Ethernet card to listen 
on. 


ArpHardwareAdd 
r 


2 


R/W 


The Ethernet address of the client-side network 
adapter of the System server. 


DNS Svoofer-Forwarder Parameters 13. 6.1.4, 1.1000. L4 


DNSRetlPAddr 


1 


R/W 


The client-side network adapter's IP address. 
This value is returned in response to DNS 
queries intercepted by the System server. 


DNSDomNameT 
able 


2 


NA 


AtableofDNSDomNameEntry's. Each 
DNSDomNameEntry shall contain the domain 
name (RO), destination IP (RO) and 
corresponding table of source IPs (RO). 



Table 1 



Trap Name 


Enterprise ID 


Generic 

Trap 

Number 


Specific 

Trap 

Number 


Variables 


Description 


DestAddrPool 
Full 


1.3.6.1.4.1. 
1000.1 

(iso.org.dodi 

nternetprivate 

.enterprises.fi 

cotionalready 

net) 


6 (always 6 
for 

enterprise- 
specific 
traps) 


1 


IntMaxConn, 
SysMaxNoClien 
ts, unique trap 
ID (always 
generated for the 
Trap PDU 
header), time 
stamp (always 
collected for the 
Trap PDU 
header) 


This trap is sent 
whenever 
DestAddrPool 
attempts to store 
n+1 entries, 
where n is equal 
to the maximum 
size of the table. 



Table 2 



Active Routes 


Network 
Destination 


Netmask 


Gateway 


Interface 


0.0.0.0 


0.0.0.0 


200.10.5.1 


200.10.5.1 


222.10.10.2 


255.255.255.255 


200.10.10.1 


200.10.10.1 


222.10.10.3 


255.255.255.255 


200.10.10.1 


200.10.10.1 










200.10.10.24 


255.255.255.255 


200.10.10.1 


200.10.10.1 


200.10.10.25 


255.255.255.255 


200.10.15.120 


200.10.15.120 



Table 3 



APPENDIX 



Module Main.cpp Main.cpp_2{2) 



FUNCTION 
ControiHandler 



BOOLWINAP1 

ControlHandler(DWORD dwCtrlType) 
{ 

swttch(dwCtrlTvpe) { 
case CTRL C EVENT' 
case CTRL_BREAK EVENT 
case CTRL_CLOSE_EVENT 
case CTRL LOGOFF EVENT, 
case CTRL SHUTDOWN_EVENT 

RnetLogger( H MAIN", "User invoked shutdown", RNET_LOG_0), 

ReadyNetCieanUp(J, 

break, 

} 

return true, 



FUNCTION 
ReadConfigFile 



boot 

ReadConfigFile(vojd) 
{ 

FILE *ConfigFile=NULL, 
charparm[50], value[30], *p; 
int ParmsFound » 0; 

ConfigFile = fbpen(ConfigRieName, "r"), 
if (ConfigFiie '=NULL){ 

while ('feof(ConfigFile)) { 
parm{0]=0, 

fscanffConfigFils, "%s %s", &parm, &value), 
r Convert to upper case */ 
for{ p parm; p < parm + str1en( parm ), p++ ){ 
if( islower( *p ) ) 
*p = _toupper( *p ), 

if ( strcmp(parm, " LOG_M ESSAGE_LEVEL") ~ 0) { 
ailowedjnsgjevei - atoi(value); 
ParmsFound+'*-, 

else if {strcmp(parm, "RNET_DNS_INET_ADDR H ) = 0) { 
strcpy(rnet_dnsjnet_addr, value); ParmsFound++, 

else if( strcmp(parm, H RNET_SERVER_INET_ADDR"} == 0) { 
strcpy(met_server_inet_addr, value), ParmsFound++, 

efse if( strcmp(parm. "ADAPTERNAMF) == Q) { 
strcpy{adapter name value, value); ParmsFound++, 

} 

else if (strcmp(parm, "MACADDRESS") — 0) { 
strcpy{mac address value, value), ParmsFound++; 

} 

else if (strcmp{parm, "SPLASHTYPE") — 0) { 
strcpy{splash_page type, vaiue), ParmsFound++; 

} 

else if {strcmp(parm, "") — 0) { 
> 

> 

fclose(ConfigFile}; 
if {ParmsFound == 6) 
return true; 
else{ 

RnetLogger{ M MAIN", "RNETCONF.TXT - Check number input parameters", RNET_ERROR_LOG), 
return false, 

) 

} 

else{ 

RnotLogger{"MAJN". "File RNETCONF TXT does not exist", RNET_ERROR_LOG); 
return false, 

} 

} 



Module Handters.cpp 



Handlers.cpp_4(10) 



FUNCTION 
getDestlp 



int 

getDstlp(int src tp, short src_port) 
{ 

r 

** Get the entry from the client table 
*/ 

int c index - getClientldx(srcjp), 
if (cjndex == NOT.FOUND) 
return FAILURE, 



r 

" Get the connection info from the clients connection table entry 
V 

conn_tbl_tp * conn_entry - getConnPtr(cjndex, src_port), 
if (conn_entry == NULL) 
return FAILURE, 

return conn_entry->dstjp, 
} 



FUNCTION 
connectToHost 



mt 

connecfToHost(mt ip, unsigned short port) 
{ 

struct sockaddrjn host_addr; 



** Obtain a TCP socket 
*/ 

bzero{(char *) &host_addr, sizeof(host_addr)); 

host_addr.smJamily = AFJNET; 
hosf addr.sin_addr.s_addr - ntohl(ip); 
hosCaddr.smjKJrt - ntohs{port); 

int sock - w_socket(AF_!NET, SOCK_STREAM, 0), 

if ( S ock — INVAUO_SOCKET){ 
RnetLoggerfERROR", 

"Could not obtain socket to connect to host", 

RNET ERROR_LOG), 
return FAILURE; 

} 

r 

** Attempt to connect to the server. 
*/ 

int rc = w_connect(sock, (struct sockaddr *) &host_addr, sizeof(host_addr)), 

if (rc == SOCKET_ERROR) { 
RnetLoggerfERROR", 

"An error occurred trying to connect to host", 

RNET_ERROR_LOG); 
return FAILURE; 

} 



Module Handlers.cpp 



handlers cpp_5(10) 



FUNCTION 
proxyMessage 



proxyMessage(int src_sock, int dst_sock) 
{ 

char msg[MAX_MSG_SJZE], 
int len; 



** Receive a message from the source socket. 
*/ 

if ((len = w_recv(src_sock, msg, MAX_MSG_SIZE, 0)) <= 0) 
return FAU.URE, 



** Proxy the message to the destination socket. 
*/ 

if (w_send(dst_soek, msg, ten, 0) <= 0) 
return FAILURE; 

return SUCCESS; 

> 



FUNCTION 
dataHandler 



void dataHandler(void *param) 
{ 

SOCKET socketfd. cli.socketfd, serv_socketfd; 
int rc, 

fd_setfdvar./ead; 

conn_info_tp2 *conn_info2 - (connjnfo_tp2*) param, 
socketfd = connjnfo2->serven 
di_socketfd = connjnfo2->client; 

serv socketfd = w accept(socketfd, NULL, NULL); 
if (serv.socketfd — INVAUD.SOCKET) 
throw; 



for(,;K 

// set (or reset) the structure 
FD_2ERO(&fdvar_read), 

// Cast to unsigned int to get nd of compiler warning 
FO_SET((unstgned int) cli_socketfd, &fdvar_read), 
FD_SET((unstgned int) serv_socketfd, &fdvar_read), 



// Wait for activity on either socket 
rc = w_select((int) NULL, 



&fdvar read, 

(fd_set~ ) NULL, 

(fd_set *) NULL, 

(const struct timevaf *) NULL); 



if (rc == SOCKETJ5RROR) { 

// RNET LOGGERfERROR", "Select socket function returned an error, 
RNET_ERROR_LOG), 
break, 

} 

// Receive from client and send to server 
if (FDJSSET(cti_socketfd, &fdvar_read) != 0) { 
re = proxyMessage(cii_sockatfd, serv_socketfd); 
if (rc != SUCCESS) 
break; 

> 

// Receive from server and send to client 

if (FD_ISSET(serv_socketfd, &fdvar_read) 1= 0) { 

rc = proxy Message(serv_socketfd, di_socketfd), 

if (rc'= SUCCESS) 
break; 

} 

} 

w_closesocket(c!i_socketfd), 
w_closesocket(serv_socketfd) , 
delete(conn info2), 

} 



Module Handlers.cpp 



hand!ers.cpp_6{10) 



FUNCTION 
openDataConnection 



void 0 penDataConnect)on(charbuffer[MAX_MSG_SIZE], void *param, int s_sock) 



' char 'firStr, *secStr, tempStrf.16], 
int firNum, secNum, old_port_num, new_port_num, 
int i, rc, 

int cli_soeketfd, serv_socketfd, 
strucfsockaddrjn c_socket, s_socket; 

conn_mfo_tp *conn_mfo = (connjnfojp*) param, 

// strtok the onginal client stde port number 
strtok(buffer, " "), 

for(t=0,i<5,i-H-) firStr = strtok(NULL, 'V*); 
secStr=strtok(NULU, ","), 
firNum = atoi(firStr); 
secNum = atO!(secStr}, 
old_port_num = firNum'256 +secNum, 
new_port_num = old_port_num, 



try{ 



}//try 
catch (. 



// initialize the client side socket 

ciLSOCketfd - w_socket(AFJNET ( SOCKSTREAM, 0); 

bzero((char*) &c_socket, sizeof(c_socket)), 

c_socket sinjamily = AFJNET, 

c_socket.sm_addr s_addr = htonl(connjnfo->src_ip), 

c_socketsin_port = htons(oldj3ort_num), 

if (cli_socketfd ~- INVALID_SOCKET) return; 

rc = wjannect(cli_socketfd, (struct sockaddr *) &c_socket, sizeof(c_socket)), 

if (rc = SOCKET_ERROR) return, 

// initialize the server side socker 
for (,;) { 

serv socketfd = socket{AFJNET, SOCK_STREAM, 0); 
bzero((char *) &s_socket, sizeof(s_socket)); 
s socketsin family = AFJNET, 

s!socketsin_addr.s_addr - inet_addr(met_server_inet_addr), 
sIsocket.stnj30rt = htons{new_port_num); 

rc = w_btnd(serv_socketfd, (struct sockaddr •) &s_socket, sizeof(s_socket)), 

tf (rc =- SOCKET_ERROR) throwfbindtng server socket"), 

rc ~ wJisten(serv_socketfd, BACKLOG_SIZE_FTP); 
r if the port ts already used, try the next higher port */ 
if (rc == WSAEISCONNH 
new_port_num = new_port_num + 1 , 
continue; 

} 

tf {rc == SOCKET_ERROR) throw, 

II reformat the msg with new port new and send to the server. 
strcpy(tempStr, met_serverjnet_addr), 
spnntf(buffer, "PORT %s", strtok(tempStr, ".")); 
for(i=0; i<3, i++) 

sprintf(buffer, "%s,%s", buffer, strtok(NULL, ".")); 
firNum = new_port_num % 256, 
secNum = (new_port_num - firNum)/256, 
spnntf(buffer, B %s,%d,%d\r\n H ,buffer, secNum, firNum); 

if (w_send(s_sock, buffer, strien(buffar), 0) < 0) return, 

conn_info_tp2 *conn_info2 = new conn_info_tp2; 
conn_info2->ctient = cli_socketfd, 
conn info2->server = serv_socketfd, 
rc = 3egmthread(dataHandler, 0, (void *) conn_tnfo2); 
tf (rc <0) throw; 
else break; 
}//for 

^ Who knows what happened Just shutdown and restart the service 7 
w dosesocket(serv_socketfd); w_ciosesocket{cli_socketfd), 
RNET_LOGGER("FTP*\ msg, RNET.ERRORJ-OG); 
ThreadMtceTable[FTP].lnService = false, 
num_threads_running -, 
_endthreadO. 



Module Handlers, cpp 



handlers.cpp_7(10) 



FUNCTION 
proxyMessages 



void 

proxyMessages(void *param, int s_sock) 
{ 

mt c_sock, 

cha~msg(MAX_MSG_SlZE]. 
int len, 

conn_info_tp *conn_mfo - (conn_jnfo_tp*) param, 
c_sock = conn_info->c_sock; 

for( , ; ) { 

f* Listen to both sockets for activity (a send or a receive ) V 

fd_set seleet_set 

FD_ZERO(&select_set), 

FD_SET((unsigned int) c_sock, &select_set), 

FD_SET((unsigned int) s_sock, &select_set); 

mt rc = w_select({int) NULL, 

&seiect_set, 

(fd_set*)NULL, 

(fd_set*)NULL, 

(const stnjct timeval *) NULL), 

if (rc == SOCKET_ERROR) { RnetLoggerfERRORYSetect socket function returned an error", 
RNET_ERROR_LOG); 

return; 

} 

I* Proxy the message to the server if the client sent it */ 
if (FD_ISSET(c_sock. &select set) ia 0) { 

if ((len ~ vv_recv(c_sock. msg. MAX_MSG_SIZE, 0)) <= 0) 
return, 

/* if FTP command PORT is found, open data connection V 
if (strstrfmsg, "PORT) !=* NULL) 

openDataConnection(msg, param, s_sock); 
else { if (w_send(s sock, msg, len, 0) 0) return, } 

) 

T Proxy the message to the client if the server sent it 7 
if (FDJSSET(s_sock, &selectjset) != 0) { 

rc - proxyWlessage(s sock, c sock); 

if (rc != SUCCESS) 
return; 

} 

} 



FUNCTION 
genericHandler 



void 

genencHand!er(void *param) 
{ 

conn_info_tp *conn_info - (connjnfojp*) param; 

i* Get the original destination IP address of the server. */ 
intdst ip = getDstlp(conn info* >src_ip, conn mfo->src_port), 
if (dstjp = FAILURE) { " 
RnetLoggerCERROR", 

"Destination IP could not be obtained from table", 

RNET.6RRORJ.OG); 

return, 

} 

r Establish a connection to the server. */ 

SOCKET s sock = connectToHost(dst_tp, conn info->dst_port); 

if (s_sock != FAILURE) { 

P if the connection succeeded, proxy the messages between 

the client and server (and visa-versa). */ 
proxyMessages(conn_info, s^sock); 
w closesocket{s sock), 
} " 



w_closesocket(connjnfo->c_sock); 
delete conn info; 

} 



Module Handlers. cpp 



handlers.cpp_8(10) 



FUNCTION 
genencTCPProxy 



void 

genencTCPProxy(short c_port, short s_port, PROCPTR handlerjn, 

char *protocol name, int protocol^number, int backlogLsize) 

{ 

struct sockaddrjn listen_addr, 
int listen_sock; 

try 
{ 

r Prepare a socket that will accept connections on the client side card */ 
tisten_sock- w_socket(AF_fN£T, SOCK.STREAM, 0), 

if (listen_sock INVALID_SOCKET) throwfailocatmg socket"): 

bzero{(char *) &hsten_addr, sizeof(listen_addr)); 
listen_addr.stn_famffy = AFJNET; 

hsten_addr.sin~addr.s_addn=ineLaddr(RNET_CLIENTJNET_ADDR); 
listen_addr.sin_port = htons(c_port), 

int rc = w_bind(itsten_sock, (struct sockaddr *) &listen_addr, sizeof(listen_addr)), 
if (rc « SOCKET_ERROR) throwCbindmg to socket"). 
RnetLoggerfprotocol^name, "Proxy Started", RNETJ.OG_0), 
for(;.){ 

/• Listen for and accept the connection. V 
rc= w_listen(listen_sock, backlog_size}, 

if {rc — SOCKET.ERROR) throwOtistenmg to socket"). 

SOCKET c_scck = w_accept(ltsten.sock, NULL, NULL); 

if (c_sock — INVAUD.SOCKET) throw("accepbng a connection"); 

struct sockaddrjn srcjn_addr; 

int src_addrjen - sizeoffstruct socfcaddrjn); 

getsockname(c_sock, (sockaddr*)&src_in_addr, &sre_addrjen), 
RnetLogger(protocol_name, inet_ntoa(src_in_addr sm_addr), RNET_LOG_2), 

getpeemame(c_sock, (sockaddr*)&srcjn_addr, &src_addrjen), 
RnetLoggerfprotocoLname, i net jntoa(src_in_addr.sin_addr) , R NET_lOG_2); 

r Note It is important that the handier function free the memory allocated 

here by calling the delete function. */ 
conn_info_tp *connjnfo - new conn_info_tp, 

r Prepare the structure that is needed in order to pass multiple to the new thread. */ 

conn_info->c_sock = c_socX, 

connJnfo->src_ip = htonl(srcjn - addr.sin_addr.s_addr); 

connjnfo->src_port = htons(srcjn_addr sin_port); 

connj nf o- >d st_p ort = s_port, 

rc ~ _beginthread(har)dler_fr), 0, {void *) connjnfo); 

if (rc < 0) throwfstarting a new thread"): 

) 

> 

catch (char * s) 
t 

/* Who knows what happened Just shutdown and restart the service •/ 
w_cfosesocket({fsten_sock); 

char msg[100]; 

spnntf(msg,"Fatal Error - shutting down service. An error occurred when %s", s); 
RnetUsggerfprotoeoljiame, msg, RNET_ERRORJ_OG); 
ThreadMtceTablefprotocoLnumber] InService = false, 
num_threads_running -, 
_endthread(); 

} 

catch ( .) 
{ 

r Who knows what happened Just shutdown and restart the service */ 
w_closesocket(JfSten - sock), 

RnetLogger(protocof name, "Fatal Error - shutting down service", RNET_ERROR_LQG), 
ThreadMtceTablefprotocoLnumber] inService = false, 
num_threads_running -; 
endthread(); 

} 

} 



Module Handlers.cpp 
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FUNCTION 
httpHandler 



void 

httpH and ler{ void *param) 
{ 

connjnfojp *conn_info = {connjnfojp*) param, 

T Get the destination IP address of the HTTP server 7 

mt dstjp = getDstlp(conn_info->srcjp, OTnnjnfa->src_port), 

if (dst ip == FAILURE) { RnetLogger("ERROR", 

"Deslination !P could not be obtained from table". RNET_ERROR_LOG); return. } 



r Connect to the HTTP server 7 

SOCKET s_sock - connectToHost(dstjp. cannjnfo->dstjport), 
C Get the index of the clients entry from the table 7 
int c index = getCiientldx(conn_info->srcjp); 

if (cjndex == NOT_FOUND) { RnetLoggerf ERROR", "HTTP client not found, aborting connection", 
R NET jzR ROR_LOG) , goto cleanup; } 

r Use the index to determine if we must pop up the splash screen */ 
if 0 client tbl[c_index] splash_screen_shown) { 
char 5(500], 

r s contains the text we need to insert into the HTML document. 

The inserted text will then pop up a new splash page. V 
sprintf(s, "<script LANGUAGE=\ n JavaScnpt\"><'"\rVi" 

"window open(VHTTP //%s/techshowcase\'*,VVA ,, width=576,height=452V , ),\r\n" 

7/~></scnpt>\r\n B , SPLASH_!P_ADDR); 

for(;;){ 

T Listen to both sockets for activity (a send or a receive ) / 
fd set select_set FD ZERO(&select_set), 

FD SET({unsigned tn~t) conn tnfb->c sock, iselect set); FD_SET{(unsigned mt) s_sock, Sselectjset); 
mt 7c = w_select((mt) NULL, iseiectjiet, (fdjset *) NULL, (fd_set *) NULL, (const struct timevat *) NULL). 

tf (rc — SOCKET_ERROR) { RnetLoggerf ERROR", "Select socket function returned an error", 
RNET_ERR0R_LOG). goto cleanup; } 

r If the message came from the client then send it to the server. 

We are not interested in this case, so just proxy the message. V 
if {FDJ$SET<conn_info->c_sock, &select_set) != 0) 

if <proxyMessage(connjnfo->c_sock, s_sock) — FAILURE) goto cleanup, 

r If the server sent the message then determine if it is an HTML document if it is then 

insert our stnng and set the splash screen shown flag 7 
if (FD ISSET{s_sock, &select_set) !=0){ 

char~msg[MAX_MSG_SIZE+ 1]; mt len; 

if ((len = w_recv{s_sock, msg, MAX_MSG_SIZE, 0)) =* CONNCLOSED || (len < 0)) goto cleanup. 

r Try find an uppercase or lowercase HTML tag 7 

char *p = strstr(msg, "-sHTMLX); 

if (p = NULL) p = strstr(msg, B <:htmt>"), 

if (p— NULL) { 

r Send the data to the client if the HTML tag wasn't found. 7 
if (w_send(conn info->c sock, msg, len, 0) <= 0) goto cleanup, 
} 

else< 

/* Modify the message received to include our stnng. Send the new string to the client and 
hopefully Javascript is enabled which would display our splash screen (under the current 
implementation ) 7 

p +- strlenC<HTML>"); 

r Null terminate msg so that the strcat function calls will succeed. 7 
msg[Ien] - W; 

I* Copy up to and including <htmi> tag 7 
int n = p - msg; 

char new_msg[MAX_MSG_SIZE + 1 + 5001; memcpy(new_msg. msg, n), new_msg{n] = *\0'; 

I* Copy javascnpt string 7 

strcat(newjrtsg, s); 

T Copy remainder of message 7 

strcat(new_msg, p), 

r Modify the length to reflect our addition 7 
len strten(s); 

if (w_send(conn_tnfo->c_sock, newjnsg, ten, 0) <~ 0) goto cleanup; 
r Set the flag since the splash screen should have been shown. 7 
client tbl[c index] splash screenjshown = TRUE; break; 

} 

> 

> 

} 

I* Proxy the messages as we would normally 7 
proxyMessages(conn_info, s_sock), 
cleanup, 

w_ciosesocket(s_sock) ; 
w_cIosesocket(conn_info->c_sock); 
delete connjnfo; 

} 



Module Handlers. cpp 
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FUNCTION 

rnetCustomUDPListener 



void 

RnetCustamUDPListener(void *) 
{ 

struct sockaddrjn ltsten_addr; 

tnt listen sock; 

try 

/* Prepare a socket to receive the custom UDP datagrams / 
listen_sock = w_socket(A F_l NET, SOCK.DGRAM, 0), 

if (listen_sock ~ !NVALID_SOCKET) 
throwf/'atlocating socket"), 

bzero((char*) &listen_addr, sizeof(tisten„addr)), 

!isten_addr sin family = AF_INET, 

listen.addr.smladdr s_addr = inet_addr(CLIENT_SIDEJP_ADDR), 

r Bind to the same port number that the intermediate dnver will use 

to send the connection or datagram details */ 
listen_addr stn_port ~ htons(IP_PORT_RDYNET), 

intrc^w btnd(listen_sock, 

"(struct sockaddr *) &listen_addr, 
sizeof(hsten_addr)), 

tf (rc — SOCKET_ERROR) 
throw( B binding to socket"); 

RnetLoggerrCSTNLUDP", "Custom UDP service started", RNET_LOG - 0), 

r If the packet was sent due to a TCP Finished flag then delete the entry from 
the connection table. Otherwise add an entry to the table. The intermediate 
dnver should send a UDP packet whenever it receives a TCP synchronize, 
TCP Finished, or a UDP packet 7 

for (;;){ 

chardata[RN DATA_S2]; 

w - recvfrom(ltsten_sock, (char*) &data, RN_DATA_S2, 0, NULL, NULL), 

r Extract the destination IP, source fP, and source port from the UDP packet V 

int dst ( p = htonl(C(mt *) &data{RN_UDP_DSTJPp); 

tnt src'tp - htonl((*(tnt *) &data[RNUDP_SRC_IP])), 

short srcjjort = htons((*(short *) &data[RN_UDP_SRC_PORT])), 

if(data[RN_UDP_FlN]) 
delConn(src_ip, src_port); 
else 

addConn(dst ip, srejp, src_port), 

} 

} 

catch (char * s) 

V Who knows what happened Just shutdown and restart the service V 
w_ciosesocket(Ii sten_sock) , 

charmsg[100]; 

spnntf{msg, "Fatal Error - shutting down service. An error occurred when %s , s); 
RnetLogger{"CSTM.UDP" ( msg, RNET_ERRORJ-OG), 

ThreadMtceTabie[CSTM_UDP] InServtce = false, 

num_threads_running -; 

_endthread(); 

} 

catch (...) 



V Who knows what happened. Just shutdown and restart the service 7 
w_closesocket(tisten_sock); 

RnetLoggerCCSTrODP*. "Fatal Error - shutting down service M , RNET_ERROR_LOG); 

ThreadMtceTable[CSTM_UDP] InService = false, 
num_threads_running -; 
endthreadO; 

} 

} 
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FUNCTION 
ChrToHexNybble 



byte ChrToHexNybble(char source){ 
if (source >= V &.&. source <= '9') 
return source - '0', 

else if (source >= *A' && source <= 'P> 
return (source - 'A') + 10; 
else 

return (source - 'a') + 10, 

} 



FUNCTION 
ChrToHexByte 



byte ChrToHexByte(char * source){ 

// Character must be a hexadecimal character t.a must be in range 0..F. 
if (sourcefO] < '0' 

j| (source[0] > '9' &&. source[0] < 'A 1 ) 

[| (source[0] > T' && saurce[0] < 'a') 

|| (sourcefO] > 'f )) 

return 0; 

if (source[1] < '0* 

|| (source[1] > '°C && source[1] < 'A') 
|| (sourceflj > 'F' && source[1] < 'a') 
|| <source[1]>T» 
return 0; 

byte high_order_nybbte ~ ChrToHexNybbIe(source(p]); 
byte iow_order_nybble = ChrToHexNybbie(source{1]), 

return (high order nybbie « 4) + low order_nybble, 

} 



FUNCTION 
StrToHex 



void StrToHex(byte * dest, char * source){ 
int i ~ 0; 

while (source[t] != '\0'){ 
dest[i/2] = ChrToHexBvte(&source[i]) t 
(+=2, 

) 

} 



FUNCTION 
RnetArpShutdown 



votd 

RnetArpShutdown{LPADAFTER adapter, LPPACKET packet) 

r */ 

r R N ET_AR P_AU D IT_SHU T DOWN V 
r Simple shutdown routine */ 

r */ 

{ 

RnetLoggerCARP 4 *, "Shutting down service RNET_LOG_0); 

PacketFreePacket(packet) , 
PacketResetAdapter{adapter); 
PacketCloseAdapter(adapter); 
ThreadMtceTablefARP] inServtce = false, 
num_threads_runntng ~, 
endthread(); 

}~ 
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FUNCTION 
RnetArpSpoofer 



void cdecl 

RnetArpSpoofer(void *) { 

long curjime; 

ROUTE_TABLE_ENTRY route_table[MAXCLIENTSJ, 

// Set up for packet buffer 
char pbuf[2D48]; 
LPAOAPTER adapter; 
LP PACKET packet. 



//initialize route table 

for (int i=0; i<MAX_CLIENTS, i++) { route_table[i].in_use=0, } 
RnetLoggerf ARP", "Route Table Initialized", RNET_LOG_0), 

byte mac_address[MAC_ADDRESS_SIZE], 

// This win contain the MAC address of the network card 

wcharj adapter_name[MAX ADAPTER_STR]; 
RnetLoggerfARP", "ARP Service Started", RNET_LOG_0); 

r Convert the parameters read in from the to something we can use. 7 
StrToHex{&mac_address[0] t &mac_address_value[0]); 

MultiByteToWideChar(CP_ACP, 0, adapter_name_value, -1, adapter_name, 2* strten(adapter_narne_value)), 



// Open the adapter 

adapter = (LPAOAPTER)PacketOpenAdapter((char *)&adapter_name); 
// Terminate the program if the adapter couldn't be opened. 

if ("adapter) { RnetLoggerCARP", "Fatal Error - Cannot open the network card", RNET_ERRORJ_OG). return; } 

// Receive all packets on adapter {promiscuous mode) 
PacketSetFilterfadapter, ND IS_PACKET_TYPE - ALL_LOCAL) ; 



ethhdr 'eheader = NULL, 



try{ 
while (1) { 
unsigned long bytes_received = 0; 
BOOLEAN sync - true, 

// If sync ts true PacketReceivePacketwill not return until a packet ts received 
memset(pbuf, 0, 2048); 

packet = {LPPACKET)PacketAllocatePacket{adapter); 
PacketinitPacket(packet, pbuf, 2048), 

intx= PacketReceivePackettadapter, packet, sync, &bytes_received); 

eheader = (ethhdr *)pbuf; 
eheader->type = nstohs{eheader->type), 

// ignore all ARP packets with source MAC equal to our MAC 
!f ((eheader->type — ARP_PACKET) && 
(memcmp(e header->source ,mac_address,MAC_AD DRESS_SI2E)) ){ 

// skip over to the beginning of the ARP header 
arphdr *arpheader = (arphdr *)(pbuf+14), 

// flip byte order for use 

arpheader->tpaddr = nitohi(arpheader->tpaddr), 
arpheader->spaddr - nitohi(arpheader->spaddr); 

// If the ARP packet is an ARP request... 
if (arpheader->op == ARP.REQUEST) { 

intsource_ip1, sourcejp2, source_ip3, sourcejp4, destjpl, destjp2, destjp3, destjp4; 
char MesgBuf[100], 

// Pnnt out some 'useful' information about the ARP request 
BreaklP(arpheader->spaddr, &source_ip1, &sourcejp2 t &source_ip3, &sourcejp4), 
BreaklP(arpheader->tpaddr, SdestJpT, &dest_ip2, &destjp3, &dest_tp4); 
spnntf(MesgBuf, "Request from %d %d %d.%d for %d.%d.%d.%d" 1 

source ip1, source ip2, source_ip3, sourcejp4, destjpl, destjp2, dest_tp3, dest_ip4), 
RnetLoggerfARP", MesgBuf, RNET_LOG_1}; 

// ignore ARP requests for themselves (though this seems to echo) 
if ((source jp1 = destjpl) && (sourcejp2 — dest_ip2) && 

(source_ip3 — dest_ip3) && (source_ip4 = dest_tp4)) { continue, } 
tjme(&cur_ime), 
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FUNCTION 
RnetArpSpoofer 



char sourcejp_str[255], 

// This will store the source ip string tn dotted-decimal format 
// Initialize the string to contain the source ip 

spnntf((char*) &source_tp_str, H %d %d %d %d", sourcejpl , source_ip2, source_!p3, source_ip4), 
// Time to look through the route table and get nd of ancient entries 



int done=0, 

for (int j=0; j<MAX_CUENTS; ]*+) { 

tf {strcmp(routejabie[f] ip_address,source_ip_str) == 0) { 
if (route_tabieO].in_use =- 0) { 

// kiil it 

// set the route table stuff 
route_table[j].m_use=0, 

RnetLoggerCARP", route_tabie[fl ip_address, RNET_ERROR_LOG), 

// Spawn off a new process that wilt delete the route 
// Note that we wait for the "route" process to complete before returning 
// as indicated by the _P_WAIT parameter. (This might be an unnecessary 
// precaution 

if Lspawnlp(_P_WAlT, "route", "route", "delete", routeJabie[fl ipjaddress, NULL)) { 
//_spawn!p returns to us whatever the "route" program returns. 
// Not sure what to check for here so just pnnt a 
// genenc message to indicate something is wrong 

RnetLoggerCARP", m Route* program returned non-zero (route deletion B may have failed )", 
RNET_ERRORJ_OG ), 

route JablerjJ in use=1; 

} 

} 

> 

if (((cur time -route tabled entry time) > ROUTE TIMEOUT) &&. (route Jable[jl.in_use — 1)) { 
// kill it 

// set the route table stuff 
route_JabletQ.in_use=u; 

RnetLoggerCARP", Timeout has occurred", RNET_ERRORJ_OG); 

// Spawn off a new process that wilt delete the route. 
// Note that we wait for the "route" process to complete before returning 
II as indicated by the _P_WAIT parameter. (This might be an unnecessary 
// precaution.) 

if Lspawnlp(_P_WAIT, "route", "route", "delete", route_tabteQ].ip_address, NULL)) { 
//_spawnlp returns to us whatever the "route" program returns. 
// Not sure what to check for here so just pnnt a 
// genenc message to indicate something is wrong. 

RnetLogger("ARP", "Route' program returned non-zero (route deletion A may have failed )", 

RNET_ERROR_LOG ); 
routeJablefl].in use=1; 

} 

} 



if ((done == 0) && (route_tabieOJ.in_use == 0)) { 
//add it 

// set the route table stuff 

// found an empty slot - fill tn the entry and set the route 
route_tab!erj]Jn_use=1 ; 
route_tabieO].entry_time=cur_time, 
strcpy(route_table[jl.ip - address,sourcejp - stt i ), 
done*1; 



RnetLoggerCARP", "Adding entry to Route Table", RNET_ERROR_LOG); 
// Spawn off a new process that will add a new route 
// Note that we wait for the "route" process to complete before returning 
// as indicated by the_P_WAIT parameter (This might be an unnecessary 
// precaution.) 

if (_spawnlp(_P_WAIT, "route7route\ "add*\sourcejp_str ( "mask" t "255255255255" t "192.168.5.r, NULL}) { 
// _spawnlp returns to us whatever the "route" program returns 
// Not sure what to check for here so just pnnt a 
// genenc message to indicate something is wrong 

RnetLoggerCARP", "'Route' program returned non-zero (route addition may have failed )", 

RNET_ERROR_LOG ), 
route_tab!e[j] in use=0; 
} 

} 
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FUNCTION 
RnetArpSpoofer 



// 

// Respond to the ARP with our address 

// 

// Time to create an ARP response indicating the ReadyNet client-side MAC address 
LPPACKET arp_response = NULL; 

arp_response = (LP PACKET) PacketAllocatePacket{adapter), 
char arpbuf[sizeof(etrihdr)+sizeof(arphdr)]; 

PacketlnitPacket(arp_response, arpbuf, sizeof(ethhdr)+sizeof(arphdr)), 

// Set client-side MAC address in the ethemet header 
ethhdr * ehdr = (ethhdr *)arpbuf; 
arphdr * ahdr = (arphdr *){arpbuf + 14), 



for (int i = 0, i < 6, i++) 
ehdr->source{i] =» mac_addressp], 

memcpy(ehdf->dest, arpheader->shaddr, 6), 
ehdr->type = nstohs(0x0806); 
ahdr->hrdtype = nstohs{1); 
ahdr- prototype = nstohs(0x800), 
ahdr->hiength = 6, 
ahdr->piength = 4, 
ahdr->op = nstohs(2), 

for (i = 0; i < 6, i ++) 
ahdr->shaddrfj] = mac - address{i], 

arpheader->tpaddr = mtohi{arprteader->tpaddr); 
memcpy(&(ahdr->spaddr), &(arpheader->tpaddr), 4), 
memcpy(ahdr->thaddr t arpheader->shaddr, 6), 
arpheader->spaddr = nitohi(arpheader->spaddr); 
memcpy(&{ahdr->tpaddr), &(arpheader->spaddr), 4); 

intrc; 

// send the packet off 

rc ~ PacketSendPackettadapter, arp_response, true); 

} 

// Take care of ARP responses from ReadyNet clients 
else{ 

intipl, ip2, ip3, ip4, sipl, sip2, sip3, sip4, 
char MesgBuf[100]; 

BreaklP(arpheader->spaddr ( &ip1, &ip2, &ip3, &ip4); 
BreaklP(arpheader->tpaddr, &sip1, &sip2, &sip3, &sip4), 

sprintf(MesgBuf, "Response from %d.%d.%d.%d for %d.%d.%d.%d", ip1, ip2, ip3, tp4, sipl, sip2, stp3, sip4); 
RnetLogger("ARP", MesgBuf, RNET_LOG_1); 
}//else 

} // if (eheader->type == 0x806) 
} PacketFreePacket(packet),// While(1) 
}//try 
catch{...) 
{ 

// Catch alt exceptions and free memor and handles accordingly. 
RnetArpShutdown(adapter, packet), 

> 

} 
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pnntlog(mt code, unsigned char *buffer, struct sockaddrjn "from) { 
int ip1, ip2, ip3, ip4, 

char domain_name_buf{ 100], mesg[80], 
int domain_name_len, 

strcpy(&domain_narne_buftOj, (const char *)&buffer[13]), 
domain_name_ien = sWen(&domain_narne_buf[Q]), 

// Replace all control characters with a period {For some reason the penods 
// in a domain name are replaced with control characters e.g "www.trlabs ca M 
// is received as n www<0x04>trlabs<0x02>ca") 
for(int t = 0, t < domain_nameJen, t ++) 
if (domain_name_buf[t] < ''') 
domain_name_buf£t] = 

// Get the requestor's IP address out of the 'from* struct 
BreakiP(from->sin_addr.s_addr, &ip1, &ip2. &ip3, &ip4); 



switch (code) { 

case T // Echo the request for the domain name 
spnntftmesg," — Request — \r\nSource IP %d%s%d%s%d%s%dVViDomain Name '%s m , 
ip4,". t, ,tp3, ,t B ,ip2," ",ip1, S.domain_name_buf), 
RnetLoggerfDNS", mesg, RNET_DEBUG_LOG); 
break; 

case 2* // Echo the response 
spnntftmesg,*' — Response — \r\nSource IP. %d%s%d%s%d%s%d", 
ip4 l ". H l ip3,"-" l ip2,r,ip1), 

RnetLogger( M DNS", mesg, RNET_DEBUG_LOG); 

break; 
default; 
) 

return; 

} 



FUNCTION 

isDomainNameLocalNet 



bool 

isDomainNameL.ocalNet(unsigned char "DNSdata) 

/* isDomainNameLocalNet */ 

r Checks the Domain Name to see tf there are V in tt 7 

t Returns false if no dots. */ 

f ASSUMES, only one question in the DNS query */ 

{ 

unsigned char *CurrPos; 
int labels = 0; 

unsigned short CharCount; 

/* A DNS question portion for www.trlabs.ca would took like 7 
Tthts 3wwwStrlabs2caO 7 
r The *\0' at the end signias the end of the question. The 7 
r digits indicate the number of chars that fall between 7 
I* the dots The characters between the dots are 'labels', 7 
r thus, if we find more than one label, then we can guess 7 
r that we have found a non-internet domain name. 7 



CurrPos = DNSdata; 

while ((CharCount = (unsigned short) *CurrPos & OxOOff) l= 0) { 
f Skip the label, and account forth© numenc7 
CurrPos += CharCount + 1; 
labels++; 

} 

f If more than one label was found, then there were "dots" 7 
/* tn the Domain Name, le. it was composed of more than one 7 
r label. 7 



if (labels > 1 ) return false; 



return true; 

} 
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FUNCTION 

RnetDnsBuildDefauftRR 



RnetDnsBuiidDefauitRR(unsigned char *DNSAnswerData) 
{ 



r Bytes 1 and 2 */ 
"DIMSAnswerData++ = OxcO, 
*DNSAnswerData++ = OxOc; 



/* Bytes 3 and 4 */ 
/•Type (set to 1 - IP) */ 
*DNSAnswerData++ = 0x00, 
*DNSAnswerData++ = 0x01, 



I* Bytes 5 and 6 */ 
/* Class (set to 1 - Internet Data) */ 
"DNSAnswerData++ = 0x00, 
*DNSAnswerData++ - 0x01, 



/•Bytes 7 to 10*/ 

f Time to live (12 hours „ typically 2 days or sol) 7 
*DNSAnswerData++ = 0x00, 
*DNSAnswerData++ = 0x02, 
*DNSAnswerData++ = 0xa3, 
*ONSAnswerData++ = 0x00, 

/•Bytes 11 and 12 V 

r Resource Data Length (IP v.4 address length) 7 
*DNSAnswerData++ = 0x00; 
*DNSAnswerData++ = 0x04, 



r Bytes 13 and 14 7 

r Resource data (IP address of spoofer) */ 
/•Currently 192.168 51 */ 
*DNSAnswerData++ = OxcO; 
*DNSAnswerData++ = 0xa8; 
"DNSAnswerData++ = 0x05; 
*DNSAnswerData++ = 0x01; 

/* The length is currency fixed at 16 V 
return 16, 

} 



FUNCTION 

RnetDnsBuildDefaultResp 



int 

RnetDns8uiIdDefaultResp(unsigned char *DNSData){ 
/* the length of the question section 7 
int qsize ~ 0, DNSQuestionLen, DNSAnswerLen; 
dnshdr *dns = (dnshdr *)DNSData; 

unsigned char *CurrPos - (unsigned char *)&DNSData[DNS_HEADERJ_EN], 'DNSAnswerData, 



-Process the DNS Header section- 



-*/ 



/* Convert from host to network byte order */ 
dns->flags - htons{dns->flags); 
dns->answers - htons{dns->answers); 

r Set the QR and AA bits in DNS flags. */ 

f QR - Query response field, AA - Authontative answer */ 

dns->ftags - 0x8400; 



V If recursion was desired then indicate that recursion was available. */ 
if {dns->flags & 0x0100) dns->flags |= 0x0080; 



dns->answers = 1; 



f Convert from network to host byte order 7 
dns->flags = ntohs(dns->flags), 
dns->answers ~ ntohs{dns->answers), 



/*. Process the DNS Questions section 7 

DNSQuestionLen = strien((constchar*)CurrPos)+1+DNS_QUERY_TYPE_LEN+ 

DNS_Q UERY_CLASS_LEN, 
DNSAnswerData = I(DNSData[DNS_HEADER_LEN + DNSQuestionLen]), 
DNSAnswerLen = RnetDnsBuildDefaultRR( DNSAnswerData); 
return DNS_HEADER LEN + DNSQuestionLen + DNSAnswerLen, 

} 
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FUNCTION 

RnetDnsAuditShutdown 



RnetDnsAudttShutdown( HANDLE dns table_mutex) 

r v 

f RnetDnsAuditShutdown stmpie shutdown routine 7 

/*- V 

{ 

RnetLoggerfDNS". Table Audit - Shutting down", R N ET_VERBOSE_LOG) , 
ReleaseMutex(dns_tabl ejnutex) , 
met_dns_table_audit_running = false, 
endthreadO, 



FUNCTION 
CheckDNSTableTimer 



void 

CheckD NSTableTi mer(void) 
{ 

unsigned int DNSIdx, IPidx, 
time_t CurrentTirne, TabieTime, 
double elapsed_time, 

tirne{&CurrentTime), 

for <DNSIdx=0, DNSIdx < DNSTable DNSTableSize, DNSldx++) { 
for ( IPldx^O; IRdx < DNSTable DNSTabielterns[DNS!dx].SrdPListLen, IPIdx-H-) { 
f* Turn on Mutual Exclusion so that the send/receive routines */ 
f* don't change this table while we clean it 7 
WaitForSingleObject(dnsjable_mutexJNRNITE); 
TabieTime = DNSTable DNSTablettems[DNSIdx] SrclPUstflPldxl.Timer; 
elapsed^time - difftime(CurrentTtme.TabteTime), 
if (eiapsedjirne >= DN$_TABLEJ"IMEOUT) { 

r Purge tii© entry from the table */ 

/*pnntf("DEBUG clearing entnesVW) */ 

DNSTable.DNSTabfeltems[DNSIdx] SrclPUst[IPIdx].used » false; 

DNSTable DNSTableltems[DNSIdx] SrclPbstLen-, 

if (DNSTable DNSTableltems[DNSldx].SrclPUstLen 0) { 

r Purge the entry from the table 7 

DNSTable DNSTableltems[DNS!dx].used = false, 

DNSTable DNSTableSize-, 

} 

r Turn off Mutual Exclusion 7 
} 

ReleaseMutexfdn s_table_mutex) , 



} 



FUNCTION 
RnetDnsAudit 



void 

RnetDnsAudit(void*) 
{ 

met dns table audit running = true, 

try 

{ 

fare ;){ 

Seep(ONE_MIN); 

Rnettogge^DNS", Table Audit in Progress", RNET_DEBUG_LOG); 
CheckDNSTableTimerO, 

RnetLogger("DNS", Table Audit Complete" , RNET_DEBUG_LOG); 

} 

} 

catch ( . } 
{ 

RnetDnsAuditShutdown(dns_tab!e mutex), 

} 



} 
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FUNCTION 
RnetDnsRtnResp 



RnetDnsRtnResp(SOCKET src, SOCKET dst) 

{ int MesgLen, AddrLen, blen - EN ET_PKT_LEN_MAX + ENET_HOR_LEN, SrclPldx, Nameldx, 
struct sockaddr_in RecvFromAddr. OestlnetAddr; 
dnshdr • dns; 

unsigned char buffer[ENET_PKT_LEN_MAX + ENET_HDR_LEN], 'DomainName, 
charmesg[30]; 

unsigned short myflag, TranslD, rcode; 

bzero(buffer, ENET_PKT_LEN_MAX + ENET_HDR_LEN), 

AddrLen = sizeof{ClientlnetAddr), 

r Receive the UOP packet from the DNS server 7 

if ((MesgLen = w_recvfrom(src, (char *) buffer, blen, NULL, (struct sockaddr *) 
&RecvFromAddr, &Addri_en)) <= 0) return false, 

r Check the RecvFromAddr to make sure its from the DNS server 7 
if (RecvFromAddr. sin_addr.s_addr '= DNSlnetAddr sin_addr s_addr) 
return false, 

dns a (dnshdr*) buffer; 
myflag ~ htons(dns->flags), 
rcode = myflag & OxOOOf; 

if (myflag & 0x3000} { 
if (rcode == OK 
if (htons(dns->answers)~0) { 
RnetLoQQ€ff DNS", "Sending default response", RNETVERBOSEJ.OG); 
MesgLen = RnetOnsBuildDefauitResp(buffer), 

} 

else{ 

r DNS response We return this to the client side 7 
dns->ftags - htons(dns->flags); 
dns->Rags )= 0x8400; 

tf (dns->flags & 0x0100) dns->ftags |- 0x0030, 

r Convert to Host Byte Order 7 
dns->flags = ntohs(dns->flags); 



else if (rcode — 3){ 

MesgLen = RnetDnsBuiIdDefauitResp(buffer); 

} 

else { 

RnetLoggerCDNS", ResponseArray[rcode], RNET_DEBUG_LOG); 
return false; 

} 

} 

else { 

return false, 

} 

DomainName = (unsigned char *)&buffer[DNS_HEADER_LEN]; 
WaitFor$ing!eOb]ect(dns Jable_rnutex, I N FINITE) , 
TranslD - htons(dns->queryident), 

if ((Nameldx = TblGetNameEntry(&DNSTable, DomainName))==-l) 
return false, 

/* Look up the corresponding IP address of the client for this name/trans 7 
if ({SrclPldx = TbiGetSrclPEntry(&DNSTable, Nameldx.TransiD)) == -1) 
return false; 

OestlnetAddr - DNSTable.DNSTableltems[NaiTieIdx] SrclPList[SrciPldxl.SourcetP; 
TableRemoveEntryf&DNSTable, Nameldx, SrclPldx), 
ReleaseMutex(dnsJable_mutex); 

/* Send it out V 

if (w_sendto(dst, (char *) buffer, MesgLen, NULL, (struct sockaddr *)&DestlnetAddr , sizeof(DestlnetAddr)} <= 0) 
return false; 



return true, 
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FUNCTION 
RnetDnsProxy 



void 

RnetDnsProxy(void *) 
{ 



SOCKET CiientFd, ServerFd t 



struct fd_set TheSockets. 

met_dns_table_audit_running = false, 
Tbl f nitAf I Entnes(&DN STabl e) , 

1* Initialize the DNS Server Address*/ 
bzero(&DNSInetAddr, sizeof(DNSInetAddr)), 
DNSInetAddr sin Jamily = AFJNET, 

DNSlnetAddr sin_addr s_addr - inet_addr(rnet_dnsjnet_addr), 
DNSInetAddr.sin_port = htons(lP_PORT_DNS), 

int re; 

f* initialize the Client Side socket */ 

ChentFd = socket{AFJNET, SOCKJDGRAM, IPPROTOJJOP), 
bzero(&ClientlnetActdr, stzeof(CIientlnetAddr)), 
CtientfnetAddr sin_family = AFJNET, 

CiientInetAddr.stn_addr,s_addr = inet_addr(RNET_CLIENTJ N£T_ADDR); 
CtientlnetAddr.sm_port = htons(IP_PORT_DNS); 

rc = bind(ClientFd, (struct sockaddr *) AChentlnetAddr, sizeof(C!ientlnetAddr)), 
1* initialize the Server Side socket */ 

ServerFd - socket(AF_INET, SOCK_DGRAM, IPPROTOJJDP), 
bzero(&ServerlnetAddr, sizeof(Serverin etAddr)}; 
ServertnetAddr stnjamily = AFJNET, 

ServerlnetAddr.sin~addr.s_addr - inet_addr(rnet_serverjnet_addr); 
ServerinetAddr.stn"port = htons(IP_PORT_DNS), 

rc = bmd(ServerFd, (struct sockaddr *) &ServerlnetAddr, sizeof(ServerlnetAddr)); 

/•This creates a mutex object that can be used to control access V 
I* to the DNSTable 7 
dns_tabie_mutex=^reateMutex(NULL, false, "dnsjablejnutex"), 

try 
{ 

/* We wit! listen for DNS UDP packets forever*/ 
far(;;){ 

#ifdef START_DNS_AUDIT 

if (! metjJnsJable_auditjunning) { 
I* We don't register this thread with the main process 7 
if (_begmthread(RnetDnsAudit,0,(votd *)NULL) < 0 ) { 
RnetLoggerCDNS", "Audit Start Failure", RNET_ERROR_LOG); 

} 

else 

RnetLoggerCDNS", "Audit Process Started", RNET_BREVITY_LOG); 

} 



r Once all of this works, set up 'onexif routines for the foil owing RNET routines These routines wit! 

reinitialize the PSockets structure, and perhaps do other necessary cleanup (unforseen) V 

r Set up the select structures */ 

FD_ZERO(&TheSockets), 

FD_SET(ServerFd,&TheSockets); 

FD_SET(ClientFd,&TheSockets), 

rc - select(0,&TheSockets t NULL I NULL, NULL): 

P 8FI Scheduling. The Server Side always gets pnonty 7 

if (FD ISSET(ServerFd,&TheSockets» { RnetDnsRtnResp(ServerFd, CiientFd); continue; } 
if (FD ISSET(ClientFd,&TheSockets)) { RnetDnsHandieRqst(CItentFd, ServerFd); continue; } 

} 

} 

catch („ ) 
{ 

RnetDnsShutdown(ClientFd, ServerFd, dnsjab!e„mutex), 

) 



#endif 



} 
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FUNCTION 
RnetDnsHandleRqst 



boo! 

RnetDnsHandteRqst(SOCKET src, SOCKET dst) 

tnt MesgLen, AddrLen, blen = ENET_PKTJ_EN_MAX + £NET_HDR_LEN, Nameldx, SrclPldx; 
struct sockaddrjn RecvFromAddr, 
dnshdr * dns, 

unsigned char buffer[EN ET_PKT_LEN_MAX + ENET_HDR_LEN], *DomainName, 
unsigned short myfiag, 
unsigned short TranslD, 

bzero(buffer. EN ET_PKT_LEN_MAX + ENET_HDR_LEN), 
AddrLen = sizeof(RecvFromAddr); 

if ({MesgLen = w recvfrom(src, (char *) buffer, blen, NULL, (struct sockaddr *)&RecvFromAddr, SAddrLen)) <= 
0) 

return false; 

tf (RecvFromAddr sin.addr.s_addr == met_addr(R N ET_CL1 ENTJN ET_A DD R) ) return falsa; 

dns = (dnshdr *)buffen 
myflag = htons(dns->flags), 

if ({myfiag & 0x8000) ==0){ 

T We wilt 'spoof (ia. return 192.168 5 1) in three */ 
T cases: (1) There are no '.' tn the Domain Name, */ 
T (2) The return code is 3, */ 
l* (3) The response timeout (10 s)is exceeded */ 

if (isDomainNameLocalNet((unstgned char *)&buffer[DNS_HEADER_LEN])) { 
MesgLen = RnetDnsBuiidDefaultResp(buffer); 

RnetLogger("DNS", "Sending default response", RN ET_V ER BOSE_LOG); 
if (w_sendto(src, (char*) buffer, MesgLen, NULL, (struct sockaddr *) &RacvFromAddr, AddrLen) <=*0 ) 
return false, 

> 

else{ 

DomainName - (unsigned char *)&{buffer[DNS_H£ADER_LENR; 

TranslD ~ htons(dns->queryident); 

WaitForSmgleObject(dns_tabie_mutex,INFINITE), 

Nameldx = TblGetNameEntryf&ONSTable, DomainName); 

SrclPldx = TblGetSrclPEntry(&DNSTabie, Nameldx, &RecvFromAddr); 

TblAddNameEntiy(&DNSTable, DomainName, IRecvFromAddr. TranslD, Nameldx, SrcfPldx), 

ReIeaseMutex(dns_tab!e_mutex) , 

/* Forward this DNS query (QR = 0) to the DNS Server */ 
RnetLoggerCDNS", "Forwarding request to server", R N ET_VER BOSE_LOG), 
AddrLen = stzeoffDNSInetAddr); 

if (w_sendto(dst, (char*) buffer, MesgLen, NULL, (struct sockaddr *) &DNS!netAddr, AddrLen) <=0 ) 
return false; 

} 

} 

return true; 



FUNCTION 
RnetDnsShutdown 



RnetDnsShutdowrHSOCKETCItentFd, SOCKET ServerFd, HANDLE dnsjable_mutex) 
CloseHandie(dns_table_mutex) 1 

/* Now shutdown the sockets and the service */ 

closesocket(ClientFd), 

dosesocket(ServerFd); 

ThreadMtceTable{DNSJ.InService = false, 

num_threads_runnmg 

_endthreadO; 

} 



Module sendx 



send.c_2(2) 



FUNCTION 
send.c - additions 



li Copy the packet into our temporary buffer 

NdisGetFirstBufferFromPacket(XportPacket,&FirstBuffer, 

(PCHAR *)(&BufferVA). &FirstLength,&TotalLength), 
t = buffers = 0; 
do{ 

Nd!sQueryBuffer{FirstBuffer, (PCHAR *)(&BufferVA), &FirstLength), 
NdisMoveMemory(Buffer+t, BufferVA, FirstLength), 
t+= FirstLength; 
b!en[buffers++l = FtrstLength; 
NdisGetNextBuffer(FtrstBuffer, &FirstBuffer); 
} while (FifstBuffer); 

dod_ip_packet = scmp(&Buffer{ETH_TYPE_CODE], ETH_IP_TYPE), 
udp packet = bcmp(&Buffer[IP_PROTOCOL ], IP_PROTOCOL_UDP) t 
tcp3acket = bcmp(&BuffertlP_PROTOCOL ], IP_PROTOCOL_TCP), 

if (dod ip_packet &&. (tcp_packet j| udpjsacket)) { 
ip = {PU!NT)(&Buffer[fP_DST_ADDRJ), 
pos = (PUSHORT)(&Buffer(TCP_DST_PORT]) t 
tbl entry = TblGetEntry(Adapter->DestAddrPoo! t *ip, 'pos), 

if (tblentry) { 

if (tcp_packet) tblentry->ttl = 300; else if (udp_packet) tblentry->ttl ~ 60, 
ip a &(tblentry->Dest); 
*(PUlNT)(&Buffen1P_SRC_ADDR]) - *ip; 
memcpy( Buff er,tblentry-> SMac,6) ; 

} 

else { r Hopefully we never get this its bad */ 
DbgPnnt("Entry %t not found on on DestAddrPoolW, 'pos); 

} 

"rf(tcp_packet}{ 

if (BufferiTCP FLAGS_82] & TCP_FIN_FLAG) { 
ip = (PUiNT)(&Buffer(IP_DST_ADDR]>; 
pos - (PUSHORT)(&BuffenTCP_DST_PORT|); 
tblentry = TbfGetEntry(Adapter->DestAddrPool, *ip. *pos); 
if (tbfentry) tblentry->FIags |= TCP_.SYN.FLAG, 

> 

if (BufferfTCP_FLAGS_B2] & TC P_ACK_FLAG) { 
ip = (PUINT)7&BuffenTp_DST_ADDR]J, 
pos = (PUSHORT)(&BufferjTCP_DST_PORT]); 

tblentry - TWGetEntry{Adapter->DestAddrPool, *ip, *pos); 
if {tblentry && tblentry-> Flags & TCP_FIN_FLAG) { 

tblentry->Flags |= 0x08, 

tf (tblentry->Flags ~ ALL_FLAGS_SET) { 
tbtentry->Source = 0; 

DbgPnntf Cleared s entry %t\n", tbIentry->Port); 

} 



} 

proxied_request = lcmp{&BuffertlP_SRC_ADDR], LOCALJP); 
if (scmp(&BufferfTCP_SRC_PORTl, HTTP_PORT) |J fproxied_request) { 
r If request is non-prowed then change source port number to original port 
newjjort - (((BufferfTCP_SRC_PORTl « 8} & OxFFOO) 
+ (BufferfTCP_SRC_PORT_B2] & OxOOFF}) 
- RN_PORT_OFFSET, 
scpy{&BufferjTCP_SRC PORT], new_port), 

} 

} r End TCP Only stuff */ 

// Get new checksums 

Setl PChecksum{ Buffer) , 
SetTCPUDPChecksum(Buffer), 

// Copy the packet back into the buffers from our temporary buffer 
NdisGetFirstBufferFromPacketfXportPacket, &FirstBuffer, 
(PCHAR *)(&BufferVA), &FirstLength, &Total Length); 
t = buffers = 0; 
do{ 

NdisQueryBuffer(FirstBuffer, (PCHAR *)(&BufferVA), &FtrstLength); 
NdisMoveMemory< BufferVA, BufferH blen[buffers++]), 
t +- FirstLength; 

NdisGetNextBufferfFirstBuffer, SFirstBuffer), 
} while (FirstBuffer); 

} 



Module recvx 


recv.c_2(3) 






FUNCTION 
recv.c - Additions 






if (j == OUR UDP PACKET) /* First pass through the for loop V 
{ 

NdisChatnBufferAtFront( ('OurPacketPtr), (*LookaheadNdisBufferPtr) ); 






dodjp_packet = scmp(&Buffer[ETH_TYPE_CODE], ETH_1P_TYPE); 
udp_packet = bcmp(&Buffer[IP_PROTOCOL ], IP_PROTOCOLJJDP), 






tcp_synch_packet = bcmp(&BufferIIP PROTOCOL ], IP„PROTOCOL_TCP) 
I& bcmp(&BuffenTCP_FLAGS_B2 ] t TCP_SYN_FLAG), 






top fin_packet = bcmp(&Buffer[iP PROTOCOL ] t IP_PROTOCOL_TCP) 
&& (BufferfTCP_FLAGS_B2] & TCP_F!N_FLAG), 






if (dodjp_packet && (tcp_synch_packet || tcp_fin_packet |j udp_packet)){ 






/* Copy the original destination IP address tnto the data portion of our UDP datagram */ 
memcpy(SBuffer[RN_UDP_DSTJPl, &Buffer[IP_DST_ADDR], IP_ADDR_SZ), 






/* Indicate whether this is a fin flag V 
Buffer[RN_UDP_F!N] = tcp_fin_packet, 






/* Copy the source ip.7 

merncpy(&BufferfRN_UDP_SRCJP], &BufferfJP_SRC_ADDR], IP_ADDR_SZ); 






1* Copy the source port. */ 

ff(udp_packet)memcpy{&Buffer[RN UDP SRC PORT], &Buffer[UDP_SRC_PORT], PORT_SZ); 
else memcpy(&BufferrRN_UDP_SRC_PORT] 1 &BuffenTCP_SRC_PORT], PORT_SZ), 






/* Set the destination IP to point to our client side card.*/ 
!cpy(&Buffer[IP_DST_ADDR], LOCALJP); 






r Make sure the "protocol" field in the IP header is UDP (not TCP.) 7 
Buffen1P_PROTOCOL] = IP_PROTOCOL_UDP; 






r Set the UDP length field to contain the sire of our data V 
scpy(&8uffer[yDP_LENGTH], RN_UOPJLENGTH) , 






r Set the "total length" field in the IP header. 7 
scpy(&Buffer[IP_LENGTH], RN_UDP_LENGTH + IP_HDR_SZ), 






r Set the destination port number to the port our custom proxy 
** listens onto for this datagram V 
scpy(&Buffer[UDP_DST_PORT] ( RN_PORT); 






T Due to our changes above we must recalculate the checksums. */ 

<So+!PPhortfCi imfRt iff or V 
Oct 1 ~ wllQvl^U m^DUTTer j , 

SetTCPUDPChecksum(Buffer); 






I* Adjust the length of the buffer and pass it up to the transport 
" layer V 

NdisAdjustBufferLength((*LookaheadNdisBufferPtr), 

ETH_HDR_SZ + IP_HDR_SZ + RN_UDP_LENGTH); 






NdisMlndicateReceivePacket{ Adapter->lMNdis Handle, &{*OurPacketPtr), 1 ), 






if ( NDIS GET PACKET STATUS{ (*OurPacketPtr) ) \~ NDIS_STATUS_PENDING ) { 
MPRetumPacket( (NDIS HANDLEJAdapter, fOurPacketPtr) ), > 

} 

else { MPRetumPacket( (NOIS_HANDLE}Adapter, ('OurPacketPtr) ), } 










r 

** Now that we're done with our UDP packet its time to send the 
** actual packet received. Change all the pointers that were 
** used in preparing a packet and buffer to point at new vanables. 
7 






OurPacketStatusPtr ~ &OurPacketStatus; 
PacketEntryPtr = SPacketEntry, 
LookaheadEntryPtr = ALookaheadEntry; 
PktContextPtr = &PktContext 
LookaheadNdtsBufferPtr * &LookaheadNdisBuffer, 
OurPacketPtr = AOurPacket; 






continue, 

} 









Module recv.c 



recv.c_3(3) 



FUNCTION 

recv.c - Additions cont'd 



else r Second pass through the for loop V 
{ 

tf ( ResiduaiEntry ==NULL){ 
NdtsChainBufferAtFront(("OurPacketPtr), ('LookaheadNdisBufferPtr)), 



dod ip_packet = scmp(&Buffer[ETH_TYPE„CODE], ETHJP.TYPE); 
tcp_packet - bcrnp(&Buffer[IPJ=ROTOCOL ], IP_PROTOCOL_TCP), 
udp _packet = bcmp(&BufferfJ ^PROTOCOL ], IP_PROTOCOL_UDP); 
proxtedj-equest = Icmp{&8uffer[ip" DST.ADDR ], LOCALJP); 

if (dod ip_packet && (tcp_packet j[ udp_packet)){ 

src tp addr ptr = (PUINT)(&Buffer[IP_SRC_ADDR]>; 
dst" pladdrlptr = (PUINT)(&Buffer[IP_DST_ADOR]); 
merncpy(src_mac_addr 1 (&8uffer[ETH_SRC_ADDR]),6) 1 

if (Buffer[IP_PROTOCOL] == IP_PROTOCOL_TCP) { 

src_port_ptr = (PUSHORTX&BufferTTCP_SRC_PORT]) t 

if (BuffenTCP_FLAGS_B2J == TCP_SYN_FLAG) { 
r Save the entry in the DestAddrPool table if we have a synchronize flag. */ 
i = TblAddEntry(Adapter->DestAddrPoot, *srcjp_addr_ptr, *dstjp_addr_ptr, 

src mac addr, *src_port_ptr), 
if(« ==-1)T 
e!se{ 

Adapter->DestAddrPool[j].tt! = 300, 

} 

} 

tblentry = TblGetEntry(Adapter->DestAddrPejol, *src_ip_addr_ptr, *srcj5ort_ptr), 
tf(tblentry}{ 

!* Remove the entry from the table if we have a reset. */ 

if (BufferrTCP_FLAGSJ32] TCP_RST_FLAG) { tblentry->Source - 0; } 

r Mark the entry as finished when we receive the finished flag */ 

if (BufferfTCP_FLAGS_B2] & TCP_FIN_FLAG) { tblentry->Fiags |= TCP_F!N_FtAG, > 

if ((BufferrrCP - FUGS_B2I & TCP_ACK_FLAG) && (tblentry->Flags & TCP_SYN_FLAG}) { 
r Set the reset flag inlhe entry if we have an acknowledge and synchronize flag. 7 
tbiantry.>Flags {= TCP_RST_FLAG, 

r Remove the entry from the table if all the flags are set */ 
if (tbientry->Flags == ALL_FLAGS_SET) { tblentry->Source = 0; } 

} 

> 

if (scmp(&BufferfTCP_DST_PORT], HTTP_PORT) || !proxied_request) { 
I* If the request is non-proxied then change the destination port number to a different 
** port Our custom proxy then listens on this port for non-proxied requests. */ 
new port = ((BufferfTCP_DST_PORT] « 8) & OxFFOO) 

" + (8ufferfTCP_DST_PORTB2] & OxOOFF) + RN_PORT_OFFSET; 
scpy{&BufferTrCP DST PORT], new_port); 

} 

else if (Buffer[IP_PROTOCOL] == IP_PROTOCOL_UDP) { 
r Add an entry to the table if it is a UDP packet 7 
srcj>ort_j>tr = (PUSHORT)(&BufferIUDP_SRC_PORT]); 

i = TblAddEntry(Adapter->DestAddrPool, *srcjp_addr_ptr, *dst_ip_addr_ptr, 
src_mac_addr, *src_port_ptr); 

else{ 

Adapter->OestAddrPool[i].ttl = 60; 

} 

} 

/* Point the IP destination to our client side tP address. 7 
lcpy(&Buffer[!P_DST_AODR], LOCALJP), 

r Because of our changes we have to recalculate the checksums. */ 
SetlPChecksum(Buffer), SetTCPUDPChecksum(Buffer), 

} 

f Pass the packet up to the transport layer 7 
NdisMlndicateReceivePacket{ Adapter->IMNdtsHandle, &OurPacket, 1 }; 
tf ( NDIS GET PACKET_STATUS( OurPacket ) != NDIS_STATUS_P ENDING ) { 
MPRetumPacket( (NDIS_HANDLE)Adapter, OurPacket), 

} 

} 



LINUX ALGORITHMS 



Ifjeadyneth 
/* ifreadyneth*/ 

#define READYNET_MAC_ADDR "0080C86DECOB" 
#define READYNET_IP_ADDR "192.168.5.1" 

int readynet_client(struct device *dev); 



Readynet.c 

/* Exam if the packet is from readynet client side adapter card */ 
/* return 1 when it's true and 0 otherwise */ 

int readynet_client(struct device *dev) 
{ 

unsigned char met Jiaddr [MAX_ADDR_LEN] ; 
hit i; 

StrToHex(met_haddr, READYNETMACADDR); 

for (fc=0; i< 6; i++) { 

if(rnet_haddr[i] != dev->dev_addr[i]) 
return 0; 

} 

printk('Tacketage coming through client side adapter.W 1 ); 
return 1; 

J 



/usr/src/linux/net/ipv4/Makefile 
OJTARGET := ipv4.o 

IPV4__OBJS :- readynet.o utils.o route.o proc.o timer.o protocoLo \ 
ip_input.o ip_fragment.o ip_forward.o ip_options.o \ 
ip_output.o ip_sockglue.o \ 

tcp.o tcp__input.o tcp_output.o tcp_timer.o tcp_ipv4.o\ 
raw.o udp.o arp.o icmp.o devineto af_inet.o igmp.o \ 
sysctl_net_ipv4.o fib_frontend.o fib_semantics.o fibjiash.o 



/usr/src/linux/net/ipv4/arpx 

/* Extract fields 
*/ 

sha=arp_ptr; 

arp_ptr += dev->addr_len; 
memcpy(&sip, arp_ptr, 4); 
arp_ptr += 4; 
tha=arp_ptr; 

arp jptr += dev->addr_len; 
memcpy(&tip, arp_ptr, 4); 

if (readynet_client(dev)) { 
/* readynet ciient_side */ 

/* Special case: IPv4 duplicate address detection packet (RFC2131) */ 
if(sip = 0){ 

if (arp->ar_pp = _constant_htons(ARPOP_REQUEST) && 
inet_addr_type(tip) = RTN_LOCAL) 

arp_send(ARPOPJEU3PLY3^ 
goto out; 

} 

if (arp->ar_op = _constant_htons(ARPOP_REQUEST) && 
ip_route_input(skb, in_aton(READYNET_IP_ADDR) 5 sip, 0, dev) = 0) { 

it = (struct rtable*)skb->dst; 
addrjype = rt->rt_type; 

if (addrjype = RTN LOCAL) { 

n = neigh_eventjis(&arp Jbl, sha, &sip, dev); 
if(n){ 

printk("ARP: ARP Request from %s M , in_ntoa(sip)); 
printk("to %s\n", in_ntoa(tip)); 

arp_send(ARPOP_REPLY J ETH_P_ARP,sip 3 dev,tip ) sha s dev->dev_addr 5 sha); 

printk("ARP: ARP Reply from %s", in__ntoa(tip)); 
printk("to %s\n", in_ntoa(sip)); 
neigh jrelease(n); 

} 

goto out; 

} else if (IN_DEV_FORWARD(in_dev)) { 
if ((rt->rt_flags&RTCF_DNAT) || 

(addrjype = RTN_UNICAST && rt->u.dst.dev != dev && 
(IN_DEV_PROXY_ARP(in_dev) || pneighJookup(&arp_tbl, &tip, dev, 0)))) { 

n = neigh_event_ns(&arp Jbl, sha, &sip, dev); 

neigh_release(n); 

if (skb->stamp,tv_sec = 0 || 
skb->pktjype = PACKETJHOST || 
in_dev->arp_parms->proxy_delay = 0) { 
arp_send(ARPOP_REPLY,ETH_P_ARP,sip ; dev J tip,sha ? dev->dev^addr ? sha); 



-y* 

} else { 

pneigh_enqueue(&arp_tbl, m_dev->arp_parms> skb); 
return 0; 

} 

goto out; 

} 

/*add here to change the route table*/ 

} else { 

/* readynet server side */ 

/* Special case: IPv4 duplicate address detection packet (RFC2131) */ 
if(sip = 0){ 

if (arp->ar_op =_constant_htons(ARPOP_REQUEST) && 
inet jiddrjype(tip) = RTNJLOCAL) 

aipjsend(AMH3PJffiPL^^^ 
goto out; 

} 



} 

/* Update our ARP tables *f 



/usr/src/linux/net/ipv4/ip_input.c 

int ip_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt) 
{ 

struct iphdr *iph = skb->nh.iph; 
#ifdef CONFIG JFIREWALL 
int fwres; 
ul6 rport; 

#endif /+ CONFK3FIREWALL */ 
/* 

* When the interface is in promise, mode, drop all the crap 

* that it receives, do not try to analyse it. 
*/ 

if (skb->pkt_type = PACKET J5THERHOST) 
goto drop; 

ip_statistics.IpInReceive$-H-; 

if (skb->len < sizeof(struct iphdr)) 
goto inhdr_error; 

if (iph->ihl < 5 || iph->version != 4 || ip_fast_csum((u8 *)iph, iph->ihl) != 0) 
goto inhdr_error; 

{ 

u32 len = ntohs(iph->tot_len); 

if (skb->len < len) 
goto inhdr_error; 

skb_trim(skb s len); 

} 

/* readynet modification of incoming IP packet */ 
struct *newskb; 

/*make a copy of the skb_buff */ 
newskb = skb_copy(skb); 

newskb->nh.iph->dadda = in_aton(Readynet server-side_IP_address); 
/* there might be other field need to be changed as well*/ 
ip_send__check (newskb->nh.iph); /*IP checksum*/ 

/*make a copy of the skb_buff */ 

/* append this modified IP packet onto the IP outgoing queue*/ 
ip_queue_xmit(newskb); 



